<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title>ActiveSupport::MessageVerifier</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <link rel="stylesheet" href="../../css/reset.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../css/main.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../css/github.css" type="text/css" media="screen" />
<script src="../../js/jquery-1.3.2.min.js" type="text/javascript" charset="utf-8"></script>
<script src="../../js/jquery-effect.js" type="text/javascript" charset="utf-8"></script>
<script src="../../js/main.js" type="text/javascript" charset="utf-8"></script>
<script src="../../js/highlight.pack.js" type="text/javascript" charset="utf-8"></script>

</head>

<body>     
    <div class="banner">
        
            <span>Ruby on Rails v4.0.0</span><br />
        
        <h1>
            <span class="type">Class</span> 
            ActiveSupport::MessageVerifier 
            
                <span class="parent">&lt; 
                    
                    <a href="../Object.html">Object</a>
                    
                </span>
            
        </h1>
        <ul class="files">
            
            <li><a href="../../files/activesupport/lib/active_support/message_verifier_rb.html">activesupport/lib/active_support/message_verifier.rb</a></li>
            
        </ul>
    </div>
    <div id="bodyContent">
        <div id="content">
  
    <div class="description">
      
<p><code>MessageVerifier</code> makes it easy to generate and verify messages
which are signed to prevent tampering.</p>

<p>This is useful for cases like remember-me tokens and auto-unsubscribe links
where the session store isn’t suitable or available.</p>

<p>Remember Me:</p>

<pre>cookies[:remember_me] = @verifier.generate([@user.id, 2.weeks.from_now])</pre>

<p>In the authentication filter:</p>

<pre>id, time = @verifier.verify(cookies[:remember_me])
if time &lt; Time.now
  self.current_user = User.find(id)
end</pre>

<p>By default it uses <a href="../Marshal.html">Marshal</a> to serialize the
message. If you want to use another serialization method, you can set the
serializer in the options hash upon initialization:</p>

<pre>@verifier = ActiveSupport::MessageVerifier.new('s3Krit', serializer: YAML)</pre>

    </div>
  


  


  
  


  
    <!-- Namespace -->
    <div class="sectiontitle">Namespace</div>
    <ul>
      
        <li>
          <span class="type">CLASS</span>
          <a href="MessageVerifier/InvalidSignature.html">ActiveSupport::MessageVerifier::InvalidSignature</a>
        </li>
      
    </ul>
  


  
    <!-- Method ref -->
    <div class="sectiontitle">Methods</div>
    <dl class="methods">
      
        <dt>G</dt>
        <dd>
          <ul>
            
              
              <li>
                <a href="MessageVerifier.html#method-i-generate">generate</a>
              </li>
            
          </ul>
        </dd>
      
        <dt>N</dt>
        <dd>
          <ul>
            
              
              <li>
                <a href="MessageVerifier.html#method-c-new">new</a>
              </li>
            
          </ul>
        </dd>
      
        <dt>V</dt>
        <dd>
          <ul>
            
              
              <li>
                <a href="MessageVerifier.html#method-i-verify">verify</a>
              </li>
            
          </ul>
        </dd>
      
    </dl>
  

  



  

    

    

    


    


    <!-- Methods -->
    
      <div class="sectiontitle">Class Public methods</div>
      
        <div class="method">
          <div class="title method-title" id="method-c-new">
            
              <b>new</b>(secret, options = {})
            
            <a href="MessageVerifier.html#method-c-new" name="method-c-new" class="permalink">Link</a>
          </div>
          
          
            <div class="description">
              
            </div>
          
          
          
          
          
            
            <div class="sourcecode">
              
              <p class="source-link">
                Source: 
                <a href="javascript:toggleSource('method-c-new_source')" id="l_method-c-new_source">show</a>
                
                  | <a href="https://github.com/rails/rails/blob/0788d35a05bb3926500f7aa2930300144df779ac/activesupport/lib/active_support/message_verifier.rb#L29" target="_blank" class="github_url">on GitHub</a>
                
              </p>
              <div id="method-c-new_source" class="dyn-source">
                <pre><span class="ruby-comment"># File activesupport/lib/active_support/message_verifier.rb, line 29</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword ruby-title">initialize</span>(<span class="ruby-identifier">secret</span>, <span class="ruby-identifier">options</span> = {})
  <span class="ruby-ivar">@secret</span> = <span class="ruby-identifier">secret</span>
  <span class="ruby-ivar">@digest</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:digest</span>] <span class="ruby-operator">||</span> <span class="ruby-string">'SHA1'</span>
  <span class="ruby-ivar">@serializer</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:serializer</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">Marshal</span>
<span class="ruby-keyword">end</span></pre>
              </div>
            </div>
            
          </div>
                  
      <div class="sectiontitle">Instance Public methods</div>
      
        <div class="method">
          <div class="title method-title" id="method-i-generate">
            
              <b>generate</b>(value)
            
            <a href="MessageVerifier.html#method-i-generate" name="method-i-generate" class="permalink">Link</a>
          </div>
          
          
            <div class="description">
              
            </div>
          
          
          
          
          
            
            <div class="sourcecode">
              
              <p class="source-link">
                Source: 
                <a href="javascript:toggleSource('method-i-generate_source')" id="l_method-i-generate_source">show</a>
                
                  | <a href="https://github.com/rails/rails/blob/0788d35a05bb3926500f7aa2930300144df779ac/activesupport/lib/active_support/message_verifier.rb#L46" target="_blank" class="github_url">on GitHub</a>
                
              </p>
              <div id="method-i-generate_source" class="dyn-source">
                <pre><span class="ruby-comment"># File activesupport/lib/active_support/message_verifier.rb, line 46</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword ruby-title">generate</span>(<span class="ruby-identifier">value</span>)
  <span class="ruby-identifier">data</span> = <span class="ruby-operator">::</span><span class="ruby-constant">Base64</span>.<span class="ruby-identifier">strict_encode64</span>(<span class="ruby-ivar">@serializer</span>.<span class="ruby-identifier">dump</span>(<span class="ruby-identifier">value</span>))
  <span class="ruby-node">&quot;#{data}--#{generate_digest(data)}&quot;</span>
<span class="ruby-keyword">end</span></pre>
              </div>
            </div>
            
          </div>
        
        <div class="method">
          <div class="title method-title" id="method-i-verify">
            
              <b>verify</b>(signed_message)
            
            <a href="MessageVerifier.html#method-i-verify" name="method-i-verify" class="permalink">Link</a>
          </div>
          
          
            <div class="description">
              
            </div>
          
          
          
          
          
            
            <div class="sourcecode">
              
              <p class="source-link">
                Source: 
                <a href="javascript:toggleSource('method-i-verify_source')" id="l_method-i-verify_source">show</a>
                
                  | <a href="https://github.com/rails/rails/blob/0788d35a05bb3926500f7aa2930300144df779ac/activesupport/lib/active_support/message_verifier.rb#L35" target="_blank" class="github_url">on GitHub</a>
                
              </p>
              <div id="method-i-verify_source" class="dyn-source">
                <pre><span class="ruby-comment"># File activesupport/lib/active_support/message_verifier.rb, line 35</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword ruby-title">verify</span>(<span class="ruby-identifier">signed_message</span>)
  <span class="ruby-identifier">raise</span> <span class="ruby-constant">InvalidSignature</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">signed_message</span>.<span class="ruby-identifier">blank?</span>

  <span class="ruby-identifier">data</span>, <span class="ruby-identifier">digest</span> = <span class="ruby-identifier">signed_message</span>.<span class="ruby-identifier">split</span>(<span class="ruby-string">&quot;--&quot;</span>)
  <span class="ruby-keyword">if</span> <span class="ruby-identifier">data</span>.<span class="ruby-identifier">present?</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">digest</span>.<span class="ruby-identifier">present?</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">secure_compare</span>(<span class="ruby-identifier">digest</span>, <span class="ruby-identifier">generate_digest</span>(<span class="ruby-identifier">data</span>))
    <span class="ruby-ivar">@serializer</span>.<span class="ruby-identifier">load</span>(<span class="ruby-operator">::</span><span class="ruby-constant">Base64</span>.<span class="ruby-identifier">decode64</span>(<span class="ruby-identifier">data</span>))
  <span class="ruby-keyword">else</span>
    <span class="ruby-identifier">raise</span> <span class="ruby-constant">InvalidSignature</span>
  <span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
              </div>
            </div>
            
          </div>
                    </div>

    </div>
  </body>
</html>    